We have always prioritized the privacy of our users and the security of their data. With our project’s current security policies and the data protection tools of our products, ONLYOFFICE becomes fully compliant with HIPAA requirements.
Read this post to learn what ONLYOFFICE does to guarantee compliance with the medical industry’s key data security legislation.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) aims to keep patients’ Protected Health Information (PHI) safe by regulating the procedures and measures related to data privacy and security in medical organizations and their business associates.
When you wish to stay compliant with HIPAA to legally provide medical services in the USA or to state your level of data protection standards as a medical organization in general, it is important to use software that complies with the Act.
As the developer of ONLYOFFICE on-premises solutions, Ascensio System SIA acts as a provider of the Information System within the legislation and guarantees the compatibility of the technological attributes of ONLYOFFICE with the regulated procedures.
To comply with HIPAA’s requirements for handling protected health information software-wise, you must provide a number of technical safeguards, namely:
ONLYOFFICE guarantees your compliance with specific HIPAA regulations related to establishing these technological safeguards thanks to the solutions’ internal design and extensive data protection functionality:
On-premises installation. ONLYOFFICE is highly secure by design: the ability to host it on-premises ensures absolute data independence and full control over any assets processed within its services.
Private Rooms and data encryption at rest. Within the network, the data is protected by reliable encryption technologies: the whole system can be encrypted at rest, while the information stored in the electronic document format can be encrypted using Private Rooms functionality that guarantees secure storage, online editing, and even real-time collaboration.
User identification and access control. ONLYOFFICE offers tools for unique user identification (flexible password criteria, 2FA, LDAP, etc.), emergency access procedures (data recovery from backup copies), automatic logoff configuration, and access restriction (selected IPs, mail domains).
Read more about access controls
Data protection in transit. Data in transit between system and client is protected by HTTPS with up-to-date TLS encryption.
Data audit. ONLYOFFICE allows you to store and examine audit logs and to oversee user activity and login history.
Read more about data audit and login history
Data backup, migration, and erasure. You can perform manual and automatic backups, with parameters for the backup storage destination, the data copy structure, and a customizable number of backup operations in a time period (for automatic backups), and you can perform safe data recovery. With the backup functionality, you can migrate to a new data carrier and erase the data at the previous location to prepare the carrier for reuse.
Read more about data backup in ONLYOFFICE
Flexible access rights. You can grant complex combinations of access rights to the data stored on ONLYOFFICE portals. For electronic files, ONLYOFFICE allows choosing from basic (reading, viewing) and advanced (reviewing, commenting, filling forms, etc.) sharing permissions. It is possible to restrict downloading and printing of patient data to avoid unauthorized distribution.
Read more about portal access rights
Read more about document sharing permissions
To contact Ascensio System SIA with HIPAA compliance-related requests, feel free to reach out to our HIPAA Security Officer / HIPAA Privacy Officer at our Latvian headquarters:
Timur Shugaev
Contact email: tim@onlyoffice.com
20A-12 Ernesta Birznieka-Upisha street,
Riga, Latvia, EU,
LV-1050
Phone: +371 63399867
Alternatively, you can reach out to our support team via support@onlyoffice.com.
Read more about our security program in our security statement.
Read about end-to-end encryption in ONLYOFFICE in the end-to-end encryption guide.
Read about ONLYOFFICE compliance with GDPR in our GDPR statement.